88% of Hacked Password Contain 12 Characters or Less

Even if you think your passwords are long enough, they're probably not — but there are tools that can help.

When it comes to passwords, keeping them “short and sweet” isn’t cutting it, with new findings from Specops Software revealing that 88% of passwords used in cyberattacks are made up of 12 characters or less.

The company’s annual Weak Password Report also found that 83% of passwords used satisfy the password length and complexity requirements — suggesting that using special characters may not be enough, either.

Despite being preventable, research indicates weak and simple passwords are the cause of over 80% of data breaches. But if you’re still using crackable passwords, we also note an easy way to strengthen your password hygiene in 2023.

Specops Weak Password Report: Top Findings

Long, complex passwords are a pain to remember. But new findings from password security company Specops reveal that failing to follow best practices could cost you or your company in the long run.

After analyzing 800 million breached passwords within the company’s Breached Password Protection list, the researchers found that using a lengthy password is key, with 88% of compromised passwords containing 12 characters or less. Creating codes in the single digits appears to be even riskier, with the research revealing that the most common password length found in this attack was eight.

Surprisingly, even those who comply with length and complexity requirements may not be safe, with 83% of compromised codes being deemed as “safe” passwords by major security agencies like NIST, PCI, and HITRUST for HIPPA.

Somewhat less surprisingly, the report found that “password” was the most commonly hacked code, with “admin” and “welcome” trailing in second and fourth position. Specops also found that organizations using their own name as their first barrier of defense stand a much higher chance of being hacked, with Nvidia, the chipmaker subject to a major breach last year, being used as a prime example.

Boost Your Password Security in One Simple Step

With 41% of Americans relying on memory alone to keep track of their passwords, it’s no surprise simple, catchy passwords are widespread. Yet, with instances of data breaches doubling in the past two years and attacks costing companies an average of $4.24 million dollars, using strong passwords has never been more important.

Fortunately, the days of committing passwords to memory (or jotting them down on a crumpled post-it note) are over. Password managers allow users to store and manage their passwords across a multitude of different platforms at once. And if creating a unique, impenetrable password stresses you out, don’t worry — password managers can design codes for you too.

After researching and testing a range of the top solutions, we found that NordPass was the best of the bunch, due to its simple design and affordable price point. However, from 1Password to LastPass, the market is packed with tools designed to bolster your first, and most important, line of defense.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Written by:
Isobel O'Sullivan (BSc) is a senior writer at Tech.co with over four years of experience covering business and technology news. Since studying Digital Anthropology at University College London (UCL), she’s been a regular contributor to Market Finance’s blog and has also worked as a freelance tech researcher. Isobel’s always up to date with the topics in employment and data security and has a specialist focus on POS and VoIP systems.
Explore More See all news
Back to top
close Step up your business video conferencing with GoToMeeting, our top rated conferencing app – try it free for 14 days Try GoToMeeting Free